Well, let me say that I am the most technically skilled security expert that I know; however, I do not consider myself to be a security expert. My general approach to security is: turn off as much as possible, block everything except those few things I need and, while I am at it, update everything to fix as many vulnerabilities as possible.
So I am now administrating a server rack full of equipment running a slew of operating systems from Linux to OpenBSD, to Windows Server 2003, 2008 and 2008 R2. Now there is nowhere near enough time in my day to audit these systems for vulnerabilities, and beyond running Windows Update, patching the Linux/BSD machines, turning features off and putting a pf firewall in front of the entire rack, I am not certain what else I should be doing.
I'd love some input here. If I were to spend a single hour tomorrow above and beyond my regular work securing the services, where would the best place to start be?